NSA Chief Hacker Explains How To Avoid NSA Spying

We have already discussed the enemies of our internet freedom: some top government organisations are spying on our online activity. On that list, I think the National Security Agency [NSA] holds the top position for spying on our online activity. Recently, the NSA’s chief hacker explained how to protect your network from intruders… such as, oh, let’s say the NSA’s Tailored Access Operations unit.


Rob Joyce, the head of the National Security Agency’s Tailored Access Operations unit, or let’s say the NSA’s chief hacker, gave a roomful of computer security professionals and academics some advice on how to keep people like him and his elite corps out of their systems.

The NSA’s Tailored Access Operations [TAO] unit is the government’s top hacking team, which identifies, monitors, infiltrates, and gathers intelligence on computer systems being used by entities foreign to the United States. It has been active since at least circa 1998.

Rob Joyce has been working with the NSA for more than 25 years and became head of the TAO division in April 2013.

The Register reported on Joyce’s presentation on Wednesday at the Enigma conference, a new security conference in San Francisco, in which he explained how TAO operates and advised the attendees on how to prevent state-level actors from infiltrating and exploiting their networks and IT systems.

How NSA Gets You?

NSA tiger teams follow a six-stage process when attempting to crack a target, he explained. These are reconnaissance, initial exploitation, establish persistence, install tools, move laterally, and then collect, exfiltrate and exploit the data.

He said the goal is to find weak points, whether they be within the network architecture or in staff who may work from home or bring in unauthorized devices. There are also areas where the target network interconnects with other computer systems, like heating and ventilation controllers, which can be useful for an attack.

Once weak points are identified, intruders who can’t simply use stolen credentials to loot data from a system will plant various malware tools, create “back door” access for themselves, and otherwise establish the presence they need to carry out the rest of the six-stage attack plan.

Joyce noted that malware tools have become difficult to detect, with today’s threats coming from people who know their stolen data begins losing its value the moment they are discovered.

He also pointed out that many of these malware tools are relatively simple pieces of code, because it’s distressingly easy to trick users into downloading and activating them.

How To Stay Safe From Intruders?

“If you really want to protect your network you have to know your network, including all the devices and technology in it,” Joyce said. “In many cases we know networks better than the people who designed and run them.”

To protect against this, admins need to lock things down as far as possible: whitelisting apps, locking down permissions, patching as soon as possible, and using reputation management. If a seemingly legitimate user is displaying abnormal behavior, like accessing network data for the first time, chances are they have been compromised, he said.

Reputation-based tools are particularly useful against malware, Joyce explained. Signature-based antivirus won’t protect you against a unique piece of attack code, but when used in conjunction with reputation databases it can be effective – if code or a domain hasn’t been seen before there’s a high chance it’s dodgy.
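The two checks Joyce describes (a user touching data for the first time, and a domain nobody has seen before) can be expressed as simple first-seen detection logic. The following is an added example, not code from the talk or the original article; the event format, field names, 14-day baseline and sample log lines are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: (timestamp, user, kind, value).
# kind is "share" (internal data accessed) or "domain" (outbound destination).
EVENTS = [
    ("2016-01-04T09:00", "alice", "share", "//fs1/finance"),
    ("2016-01-05T10:00", "bob", "share", "//fs1/engineering"),
    ("2016-01-05T10:05", "bob", "domain", "updates.example.com"),
    ("2016-01-06T11:00", "alice", "domain", "mail.example.com"),
    ("2016-01-20T09:10", "alice", "share", "//fs1/finance"),
    ("2016-01-20T23:40", "bob", "share", "//fs1/finance"),
    ("2016-01-20T23:45", "bob", "domain", "cdn-x7.example.net"),
    ("2016-01-21T08:00", "alice", "domain", "updates.example.com"),
    ("2016-01-21T23:50", "bob", "share", "//fs1/finance"),
]

BASELINE_DAYS = 14  # assumed learning window before alerting starts


def first_seen_alerts(events, baseline_days=BASELINE_DAYS):
    """Flag post-baseline events whose value was never seen before.

    Shares are tracked per user (abnormal behaviour for that account);
    domains are tracked organisation-wide (a simple local reputation set).
    """
    rows = sorted((datetime.fromisoformat(t), u, k, v) for t, u, k, v in events)
    if not rows:
        return []
    cutoff = rows[0][0] + timedelta(days=baseline_days)
    user_shares = defaultdict(set)
    known_domains = set()
    alerts = []
    for ts, user, kind, value in rows:
        seen = user_shares[user] if kind == "share" else known_domains
        if ts >= cutoff and value not in seen:
            alerts.append((ts.isoformat(timespec="minutes"), user, kind, value))
        seen.add(value)  # learn it, so the same novelty alerts only once
    return alerts


if __name__ == "__main__":
    for alert in first_seen_alerts(EVENTS):
        print("FIRST-SEEN", *alert)
```

Alerts from logic like this are leads for an analyst to triage, since a first-time access can also be a new project or a role change.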

Joyce stressed that off-site backups are more important than ever for big networks, because nation-state hackers are sometimes interested in destroying data, not just copying it.

He cited cases where NSA hackers performed penetration testing, issued a report on vulnerabilities, and then, when they went back two years later to test again, found that the same problems had not been fixed. When the NSA hacking squad comes back, he said, the first thing they do is investigate previously reported flaws, and it’s amazing how many remain unpatched even after the earlier warning.